oss-sec mailing list archives
Re: CVE Request: libesmtp does not check NULL bytes in commonName
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Tue, 09 Mar 2010 19:00:57 +0100
Hi Steve, Kees Cook wrote:
Hello, I just noticed that libesmtp does not appear to handle NULL-byte CNs, as seen with the original browser-based issue: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 Related to this are failures in wildcard handling: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311191 and CN-specificity: https://bugzilla.redhat.com/show_bug.cgi?id=510202 Though it may be a non-issue if TLS doesn't function at all: http://bugs.gentoo.org/213066
any progress while assigning CVE ids for these issues? From what I can tell, two should be enough: a, libESMTP doesn't properly handle NULL character in Common Name References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408 http://ioactive.com/pdfs/PKILayerCake.pdf (issue 2c) b, libESMTP's match_component() accepts two strings as equal if they start equal but don't have equal length => cert forgery References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=311191 Kees, please correct me, if I omitted something. Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
-Kees
Current thread:
- CVE Request: libesmtp does not check NULL bytes in commonName Kees Cook (Mar 03)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Jan Lieskovsky (Mar 09)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 10)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 10)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 11)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 15)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Brian Stafford (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName ArkanoiD (Mar 16)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Ludwig Nussel (Mar 10)
- Re: CVE Request: libesmtp does not check NULL bytes in commonName Jan Lieskovsky (Mar 09)